Guidelines to Help Protect Payroll Data


Private companies that comply with voluntary guidance released by the federal government regarding cybersecurity enhancement may increase protection of payroll data and also increase their preparedness for abiding by data privacy regulations the European Union is to implement next year, speakers said Sept. 28 and Sept. 29 at a conference.
The five core functions detailed in the Framework for Improving Critical Infrastructure Cybersecurity, issued by the National Institute of Standards and Technology (NIST), are to identify cybersecurity threats, proactively protect against them, detect and quickly respond to threats when they occur, and recover from damage dealt by threats while enhancing security to reduce the likelihood of affliction from similar threats, said Stephanie Salavejus, vice president and chief operating officer with PenSoft.
About 30 percent of private organizations in the U.S. were abiding by the NIST cybersecurity guidance in 2015, and about half of the private organizations in the U.S. are to abide by the guidance in 2020, Salavejus said at the American Payroll Association's Fall Forum in Indianapolis.
Payroll departments that apply NIST cybersecurity guidance may increase the degree to which they are to be in compliance with the EU's General Data Protection Regulation (GDPR), which takes effect May 25, 2018, said Melissa Harkcom, director for North America, with Fitzgerald & Law. The GDPR is to intensify data security requirements for all organizations that transmit personal data in some form in EU countries, that possess or process personal data of EU residents, or that have some form of business presence there, she said.
“A lot of the GDPR is common sense, and a lot of it is what you would expect a data protection policy to look like,” Harkcom said.

While implementation of NIST guidelines may be helpful for accordance with the GDPR, “much of the privacy components from GDPR are not covered in the Framework,” NIST said July 21, 2017, in a workshop summary document.
A critical component of payroll compliance with the GDPR is for payroll departments to know exactly how their vendors are processing personal data, including data regarding payments to specifically identified employees, Harkcom said.

Take a free trial of Bloomberg BNA’s Payroll Decision Support Network, your one-stop resource for reliable, up-to-date guidance and analysis in every area of payroll administration and compliance.


Follow Bloomberg BNA on Twitter @BloombergBNA and join the Bloomberg BNA U.S. and Global Payroll group on LinkedIn.